The archived blog of the Project On Government Oversight (POGO).

May 31, 2011

SEC Narrowly Approves Final Rules for Whistleblower Program in Face of Industry Pressure

By MICHAEL SMALLBERG

At a highly anticipated open meeting held last week, the Securities and Exchange Commission (SEC) voted 3-2 to approve final rules for expanding and strengthening a program to reward whistleblowers who provide the agency with tips that lead to successful enforcement actions. Overall, despite facing significant pressure from industry groups to water down the program, the SEC was able to approve final rules that offer meaningful incentives and protections to whistleblowers, and will hopefully go a long way toward ensuring that the SEC has the information it needs to avert another financial crisis.

The SEC’s program is based on a simple but powerful premise: the Commission will be better positioned to protect investors and ensure the integrity of our financial markets if whistleblowers with direct knowledge of securities law violations are given the appropriate incentives and protections to disclose this information.

In last year’s Dodd-Frank financial reform legislation, Congress made vast improvements to the SEC’s whistleblower reward program, offering awards for tips related to any securities law violation that leads to a penalty or disgorgement of $1 million or more, guaranteeing that qualified whistleblowers will receive at least 10 percent of the amount recovered, and protecting whistleblowers from retaliation, among other key reforms.

Soon after the bill was signed into law, corporate lobbyists launched a massive effort to shape the SEC’s rulemaking on this issue. For example the Chamber of Commerce and other industry groups proposed that whistleblowers should generally be required to disclose wrongdoing internally to their employer before coming to the SEC.

Meanwhile, POGO and other groups have been urging the SEC to establish safe and open channels for whistleblowers to make direct disclosures, rather than requiring them to go through internal compliance programs—a dangerous proposal that would give lawbreaking companies the opportunity to retaliate against the whistleblower and keep their problems hidden from the SEC. We filed a public comment in December on the SEC’s proposed rules and have attended several meetings since then with SEC Commissioners and their staff to discuss our concerns. We also called on Congress to reject legislation introduced by Rep. Michael Grimm (R-NY) that would completely gut the SEC’s program just as key improvements are being put in place.

Here’s a brief recap of the recommendations from our public comment, which is referenced throughout the SEC’s final rules:

Reject industry’s calls for an internal reporting requirement;

Clarify that a tipster like Harry Markopolos could qualify for an award for providing the SEC with “independent analysis,” even if that analysis is largely based on information obtained from publicly available sources;

Lower the threshold to allow employees with legal, compliance, audit, supervisory, or governance responsibilities to report to the SEC if a company fails to conduct an adequate internal investigation;

Recognize that there may be situations in which a whistleblower obtains information through a violation of a foreign criminal law without violating U.S. federal or state securities laws, in which case the whistleblower should not automatically be disqualified from reporting to the SEC

Clarify that protective orders in private litigation can never be used to conceal violations of securities laws from the SEC;

Clarify that employees would be protected by Dodd-Frank’s anti-retaliation measures even if they don’t technically qualify for an award; and

Stipulate that nobody can try to impede a whistleblower from communicating directly with the SEC about a securities law violation by, for instance, forcing the whistleblower to sign a confidentiality agreement.

Here’s how our recommendations fared in the SEC’s final rules:

Internal reporting requirement

At the open meeting, SEC Chairman Mary Schapiro stated that the internal reporting issue generated the most public comments. In the end, despite industry’s intense lobbying efforts, the SEC stood its ground and agreed not to implement an internal reporting requirement.

We were encouraged by several comments made by SEC officials on this issue. Chairman Schapiro stated that incentivizing rather than requiring internal reporting is more likely to foster a strong culture of compliance within companies, and pointed out that the whistleblower is usually in the best position to determine which route to pursue to report wrongdoing. Enforcement Director Robert Khuzami made the following points: 1) an internal reporting requirement would undermine SEC enforcement and be inconsistent with the statute’s goals; 2) he was not of aware of any empirical data to suggest that an internal compliance program will be undermined if employees are allowed to report directly to the SEC; 3) ethical companies should have strong compliance programs regardless of the SEC’s rules; and 4) Dodd-Frank made no mention of any internal reporting requirement. And SEC Commissioner Luis Aguilar pointed out that the vast majority of whistleblowers initially seek to report problems internally—as is clearly demonstrated in a recent study issued by the Ethics Resource Center.

At the same time, the SEC added or modified several rules to incentivize whistleblowers to utilize their company’s internal compliance system. For instance, a whistleblower could still qualify for an award if they report internally and the company discloses the violations to the SEC. An employee will be treated as a whistleblower under the SEC’s program as of the date they report internally as long as they provide the same information to the SEC within 120 days. And the SEC can adjust the award amount depending on whether the whistleblower voluntarily participated in their firm’s internal compliance and reporting system.

“Independent analysis”

The SEC modified its rules to clarify that “independent analysis” can be based on the whistleblower’s evaluation of publicly available sources, such as a judicial or administrative hearing, a government report, hearing, audit, or investigation, or the news media.

Exclusion for certain categories of employees

The final rules provided additional clarity on the categories of employees who typically would not qualify for a whistleblower reward: people with a pre-existing legal or contractual duty to report information to the SEC; attorneys (including in-house counsel) who attempt to use information obtained from clients to make a claim for themselves; people who obtain information in violation of federal or state criminal law; foreign government officials; officers, directors, trustees, or partners of an entity who learn about misconduct from another person or through the entity’s internal systems, such as a company hotline; compliance and internal audit personnel; and public accountants working on SEC engagements, if the information relates to violations by the engagement client.

However, there are conditions in which certain excluded employees could still be eligible for an award, such as if the whistleblower believes that disclosure will prevent substantial investor losses or that the company is seeking to impede an investigation, or if at least 120 days have passed since the whistleblower reported the information to a supervisor or to the company’s audit committee, chief legal officer, or chief compliance officer.

It’s worth noting that the SEC scaled back several of the exclusions proposed in its original rules. For instance, the final rules removed non-officer supervisors from the list of excluded employees.

With respect to our recommendation regarding foreign criminal laws, the final rules “recognize that other countries often have legal codes that vary greatly from our own, and we are not in a position to decide as a categorical rule when it is appropriate to deny an award based on foreign law.” The SEC also determined “not to exclude whistleblowers who provide us with information that an opposing party may contend comes within the scope of a protective order.”

Anti-retaliation measures

The final rules clarify that a whistleblower who provides information to the SEC will be protected from retaliation “if the whistleblower posses a reasonable belief that the information he or she is providing relates to a possible securities law violation that has occurred, is ongoing, or is about to occur.”

The rules also make it unlawful for anyone to interfere with a whistleblower’s efforts to communicate with the SEC, such as by threatening the whistleblower with a confidentiality agreement.

We hope Congress and the SEC resist any ongoing efforts to weaken the program. Indeed, it appears the whistleblower program is already having a positive effect. Enforcement Director Khuzami announced that there has already been an uptick in “high-quality” tips and complaints, not the “flood” of frivolous complaints that many companies warned about. And Stephen Cohen, an Associate Director in the SEC’s Enforcement Division, described one recent case in which a two-day meeting with a whistleblower is likely to have saved SEC staff months of investigative work.

We look forward to even more enforcement success stories coming out of the SEC’s efforts to incentivize and protect whistleblowers.